From 33e7dd3480ef3f05f41a9743ca26fa7884e07e94 Mon Sep 17 00:00:00 2001 From: Inna Palant Date: Wed, 26 Jul 2023 08:26:33 -0700 Subject: [PATCH 01/25] Initial empty repository From 6ceba477190b499c83c1a2f2bc9ecbcc7a9581b8 Mon Sep 17 00:00:00 2001 
From: Robin Peng Date: Wed, 16 Aug 2023 09:07:42 +0000 Subject: [PATCH 02/25] Migrate caimito devices into caimito folder from sha 1806d56f34a01 Bug: 291867277 Change-Id: I8de9c1a351fef56a6decfb66de22baa641ad895a --- OWNERS | 3 +++ caiman-sepolicy.mk | 5 ++++ caiman/README.txt | 2 ++ caiman/file_contexts | 4 ++++ caiman/genfs_contexts | 32 ++++++++++++++++++++++++++ fingerprint/file_contexts | 12 ++++++++++ fingerprint/hwservice_contexts | 1 + fingerprint/init-qfp-sh.te | 5 ++++ fingerprint/qfp-daemon.te | 42 ++++++++++++++++++++++++++++++++++ komodo-sepolicy.mk | 5 ++++ komodo/README.txt | 2 ++ komodo/file_contexts | 4 ++++ komodo/genfs_contexts | 32 ++++++++++++++++++++++++++ ripcurrent24-sepolicy.mk | 5 ++++ ripcurrent24/README.txt | 2 ++ ripcurrent24/file_contexts | 4 ++++ ripcurrent24/genfs_contexts | 32 ++++++++++++++++++++++++++ ripcurrentpro-sepolicy.mk | 5 ++++ ripcurrentpro/README.txt | 2 ++ ripcurrentpro/file_contexts | 4 ++++ ripcurrentpro/genfs_contexts | 32 ++++++++++++++++++++++++++ tokay-sepolicy.mk | 5 ++++ tokay/README.txt | 2 ++ tokay/file_contexts | 4 ++++ tokay/genfs_contexts | 32 ++++++++++++++++++++++++++ 25 files changed, 278 insertions(+) create mode 100644 OWNERS create mode 100644 caiman-sepolicy.mk create mode 100644 caiman/README.txt create mode 100644 caiman/file_contexts create mode 100644 caiman/genfs_contexts create mode 100644 fingerprint/file_contexts create mode 100644 fingerprint/hwservice_contexts create mode 100644 fingerprint/init-qfp-sh.te create mode 100644 fingerprint/qfp-daemon.te create mode 100644 komodo-sepolicy.mk create mode 100644 komodo/README.txt create mode 100644 komodo/file_contexts create mode 100644 komodo/genfs_contexts create mode 100644 ripcurrent24-sepolicy.mk create mode 100644 ripcurrent24/README.txt create mode 100644 ripcurrent24/file_contexts create mode 100644 ripcurrent24/genfs_contexts create mode 100644 ripcurrentpro-sepolicy.mk create mode 100644 ripcurrentpro/README.txt create mode 100644 
ripcurrentpro/file_contexts create mode 100644 ripcurrentpro/genfs_contexts create mode 100644 tokay-sepolicy.mk create mode 100644 tokay/README.txt create mode 100644 tokay/file_contexts create mode 100644 tokay/genfs_contexts diff --git a/OWNERS b/OWNERS new file mode 100644 index 00000000..791abb4a --- /dev/null +++ b/OWNERS @@ -0,0 +1,3 @@ +include platform/system/sepolicy:/OWNERS + +rurumihong@google.com diff --git a/caiman-sepolicy.mk b/caiman-sepolicy.mk new file mode 100644 index 00000000..f6c52b39 --- /dev/null +++ b/caiman-sepolicy.mk @@ -0,0 +1,5 @@ +# sepolicy that are shared among devices using ZumaPro +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/caiman + +# UDFPS sepolicy. +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint diff --git a/caiman/README.txt b/caiman/README.txt new file mode 100644 index 00000000..67a320fd --- /dev/null +++ b/caiman/README.txt @@ -0,0 +1,2 @@ +This folder holds sepolicy exclusively for one device. For example, genfs_contexts +paths that are affected by device tree. diff --git a/caiman/file_contexts b/caiman/file_contexts new file mode 100644 index 00000000..cae0049b --- /dev/null +++ b/caiman/file_contexts @@ -0,0 +1,4 @@ +# Bluetooth +/dev/ttySAC18 u:object_r:hci_attach_dev:s0 +/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/caiman/genfs_contexts b/caiman/genfs_contexts new file mode 100644 index 00000000..ba056b05 --- /dev/null +++ b/caiman/genfs_contexts 
@@ -0,0 +1,32 @@ +# Haptics +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 + +# WLC +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 + +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs 
/devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 + + diff --git a/fingerprint/file_contexts b/fingerprint/file_contexts new file mode 100644 index 00000000..d83f2864 --- /dev/null +++ b/fingerprint/file_contexts @@ -0,0 +1,12 @@ +# qfp-daemon HAL for fingerprint +/vendor/bin/hw/qfp-daemon u:object_r:qfp-daemon_exec:s0 + +/data/vendor/misc/qti_fp u:object_r:vendor_qfp-daemon_data_file:s0 + +/dev/qbt_ipc u:object_r:vendor_qbt_device:s0 +/dev/qbt_fd u:object_r:vendor_qbt_device:s0 + +/mnt/vendor/persist/qti_fp u:object_r:vendor_persist_qti_fp_file:s0 + +# Script for initializing vfs_calib.dat and persistent props. +/vendor/bin/init\.qfp\.sh u:object_r:init-qfp-sh_exec:s0 diff --git a/fingerprint/hwservice_contexts b/fingerprint/hwservice_contexts new file mode 100644 index 00000000..cc1aec10 --- /dev/null +++ b/fingerprint/hwservice_contexts @@ -0,0 +1 @@ +vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint u:object_r:qfp_hal_fingerprint_hwservice:s0 diff --git a/fingerprint/init-qfp-sh.te b/fingerprint/init-qfp-sh.te new file mode 100644 index 00000000..413ddc35 --- /dev/null +++ b/fingerprint/init-qfp-sh.te @@ -0,0 +1,5 @@ +type init-qfp-sh, domain; +type init-qfp-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(init-qfp-sh) + +domain_auto_trans(init, init-qfp-sh_exec, init-qfp-sh) diff --git a/fingerprint/qfp-daemon.te b/fingerprint/qfp-daemon.te new file mode 100644 index 00000000..df70eeac --- /dev/null +++ b/fingerprint/qfp-daemon.te 
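Review bot: In fingerprint/file_contexts the entries for `/data/vendor/misc/qti_fp` and `/mnt/vendor/persist/qti_fp` label only the directory node, because file_contexts patterns match the whole path and neither entry carries a `(/.*)?` suffix. Files created underneath inherit the parent's type at creation time, but a recursive restorecon would relabel them to whatever broader pattern matches, which would probably leave qfp-daemon unable to reach its own data. I would write them as `/data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_qfp-daemon_data_file:s0` and `/mnt/vendor/persist/qti_fp(/.*)? u:object_r:vendor_persist_qti_fp_file:s0`.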
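Review bot: In fingerprint/init-qfp-sh.te the explicit `domain_auto_trans(init, init-qfp-sh_exec, init-qfp-sh)` repeats the transition that `init_daemon_domain(init-qfp-sh)` already sets up, so the last line can be dropped. The domain has no other rules in this commit, so anything the script does beyond starting will be denied; a one-line header comment saying what the script is expected to touch would make it clear whether the empty domain is intentional.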
@@ -0,0 +1,42 @@
+# Allow qfp-daemon to act as AIDL service.
+type qfp-daemon, domain;
+type qfp-daemon_exec, exec_type, vendor_file_type, file_type;
+hal_server_domain(qfp-daemon, hal_fingerprint)
+init_daemon_domain(qfp-daemon)
+
+# Permissions to /data/vendor/misc/qti_fp and make files.
+type vendor_qfp-daemon_data_file, file_type, data_file_type;
+allow qfp-daemon vendor_qfp-daemon_data_file:dir { rw_dir_perms setattr create_dir_perms search };
+allow qfp-daemon vendor_qfp-daemon_data_file:file create_file_perms;
+
+# Permissions to read system properties.
+allow qfp-daemon property_socket:sock_file write;
+
+# Permissions to write to /dev/qbt_fd and /dev/qbt_ipc
+type vendor_qbt_device, dev_type;
+allow qfp-daemon vendor_qbt_device:chr_file rw_file_perms;
+
+# /vendor/data read permissions for storing factory test data.
+type qfp_vendor_data_file, file_type, data_file_type;
+allow qfp-daemon qfp_vendor_data_file:dir r_dir_perms;
+
+# Permissions to create directory at /vendor/persist/qti_fp and make a file.
+type vendor_persist_qti_fp_file, file_type, vendor_persist_type;
+allow qfp-daemon vendor_persist_qti_fp_file:dir r_dir_perms;
+allow qfp-daemon vendor_persist_qti_fp_file:file r_file_perms;
+
+# Permissions to wake device.
+allow qfp-daemon self:capability2 { block_suspend wake_alarm };
+
+# Register to hwbinder for HIDL and binder for AIDL.
+hwbinder_use(qfp-daemon)
+binder_use(qfp-daemon)
+
+# Add hwservice for IQti extension HIDL.
+type qfp_hal_fingerprint_hwservice, hwservice_manager_type;
+add_hwservice(qfp-daemon, qfp_hal_fingerprint_hwservice);
+
+allow hal_fingerprint qfp_hal_fingerprint_hwservice:hwservice_manager find;
+
+allow platform_app qfp-daemon:binder { call transfer };
+allow platform_app qfp_hal_fingerprint_hwservice:hwservice_manager find;
diff --git a/komodo-sepolicy.mk b/komodo-sepolicy.mk
new file mode 100644
index 00000000..f5d822d9
--- /dev/null
+++ b/komodo-sepolicy.mk
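Review bot: The two `platform_app` rules at the end of fingerprint/qfp-daemon.te give every platform-signed app binder `call`/`transfer` on the fingerprint daemon and `find` on its extension hwservice, which is a far wider client set than a single vendor extension client needs. If one specific app is the client, the grant belongs on a dedicated domain assigned to that app in seapp_contexts rather than on `platform_app` as a whole; at minimum add `# TODO(<bug id>): narrow to the client app's own domain` above them. Several comments also disagree with their rules: `property_socket:sock_file write` is part of setting a property, not reading one, and the /vendor/persist block says "create directory ... and make a file" while granting only `r_dir_perms` and `r_file_perms`. `qfp_vendor_data_file` is declared and allowed, but no file_contexts entry in this commit assigns it, so that rule appears to have no effect.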
@@ -0,0 +1,5 @@
+# sepolicy that are shared among devices using ZumaPro
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/komodo
+
+# UDFPS sepolicy.
+BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint
diff --git a/komodo/README.txt b/komodo/README.txt
new file mode 100644
index 00000000..67a320fd
--- /dev/null
+++ b/komodo/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
diff --git a/komodo/file_contexts b/komodo/file_contexts
new file mode 100644
index 00000000..cae0049b
--- /dev/null
+++ b/komodo/file_contexts
@@ -0,0 +1,4 @@
+# Bluetooth
+/dev/ttySAC18 u:object_r:hci_attach_dev:s0
+/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0
+/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0
diff --git a/komodo/genfs_contexts b/komodo/genfs_contexts
new file mode 100644
index 00000000..ba056b05
--- /dev/null
+++ b/komodo/genfs_contexts
@@ -0,0 +1,32 @@ +# Haptics +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 + +# WLC +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 + +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs 
/devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 + + diff --git a/ripcurrent24-sepolicy.mk b/ripcurrent24-sepolicy.mk new file mode 100644 index 00000000..63f1e2f6 --- /dev/null +++ b/ripcurrent24-sepolicy.mk @@ -0,0 +1,5 @@ +# sepolicy that are shared among devices using ZumaPro +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrent24 + +# UDFPS sepolicy. +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint diff --git a/ripcurrent24/README.txt b/ripcurrent24/README.txt new file mode 100644 index 00000000..67a320fd --- /dev/null +++ b/ripcurrent24/README.txt @@ -0,0 +1,2 @@ +This folder holds sepolicy exclusively for one device. For example, genfs_contexts +paths that are affected by device tree. diff --git a/ripcurrent24/file_contexts b/ripcurrent24/file_contexts new file mode 100644 index 00000000..cae0049b --- /dev/null +++ b/ripcurrent24/file_contexts @@ -0,0 +1,4 @@ +# Bluetooth +/dev/ttySAC18 u:object_r:hci_attach_dev:s0 +/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/ripcurrent24/genfs_contexts b/ripcurrent24/genfs_contexts new file mode 100644 index 00000000..ba056b05 --- /dev/null +++ b/ripcurrent24/genfs_contexts 
@@ -0,0 +1,32 @@ +# Haptics +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 + +# WLC +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 + +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs 
/devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 + + diff --git a/ripcurrentpro-sepolicy.mk b/ripcurrentpro-sepolicy.mk new file mode 100644 index 00000000..0bcab522 --- /dev/null +++ b/ripcurrentpro-sepolicy.mk @@ -0,0 +1,5 @@ +# sepolicy that are shared among devices using ZumaPro +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrentpro + +# UDFPS sepolicy. +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint diff --git a/ripcurrentpro/README.txt b/ripcurrentpro/README.txt new file mode 100644 index 00000000..67a320fd --- /dev/null +++ b/ripcurrentpro/README.txt @@ -0,0 +1,2 @@ +This folder holds sepolicy exclusively for one device. For example, genfs_contexts +paths that are affected by device tree. diff --git a/ripcurrentpro/file_contexts b/ripcurrentpro/file_contexts new file mode 100644 index 00000000..cae0049b --- /dev/null +++ b/ripcurrentpro/file_contexts @@ -0,0 +1,4 @@ +# Bluetooth +/dev/ttySAC18 u:object_r:hci_attach_dev:s0 +/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/ripcurrentpro/genfs_contexts b/ripcurrentpro/genfs_contexts new file mode 100644 index 00000000..ba056b05 --- /dev/null +++ b/ripcurrentpro/genfs_contexts 
@@ -0,0 +1,32 @@ +# Haptics +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 + +# WLC +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 + +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs 
/devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 + + diff --git a/tokay-sepolicy.mk b/tokay-sepolicy.mk new file mode 100644 index 00000000..90689a32 --- /dev/null +++ b/tokay-sepolicy.mk @@ -0,0 +1,5 @@ +# sepolicy that are shared among devices using ZumaPro +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/tokay + +# UDFPS sepolicy. +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint diff --git a/tokay/README.txt b/tokay/README.txt new file mode 100644 index 00000000..67a320fd --- /dev/null +++ b/tokay/README.txt @@ -0,0 +1,2 @@ +This folder holds sepolicy exclusively for one device. For example, genfs_contexts +paths that are affected by device tree. diff --git a/tokay/file_contexts b/tokay/file_contexts new file mode 100644 index 00000000..cae0049b --- /dev/null +++ b/tokay/file_contexts @@ -0,0 +1,4 @@ +# Bluetooth +/dev/ttySAC18 u:object_r:hci_attach_dev:s0 +/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/tokay/genfs_contexts b/tokay/genfs_contexts new file mode 100644 index 00000000..ba056b05 --- /dev/null +++ b/tokay/genfs_contexts 
@@ -0,0 +1,32 @@ +# Haptics +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 + +# WLC +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 + +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs 
/devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 + + From 185d6a4844773ee6e92aa1f9ae61394a768c3af9 Mon Sep 17 00:00:00 2001 From: Alec Foster Date: Fri, 25 Aug 2023 18:26:50 +0000 Subject: [PATCH 03/25] Remove incorrect fingerprint SePolicy. Bug: 295228935 Test: Compiles. Change-Id: I2410bb45df4f90b8e7d853516910341814b839bb --- fingerprint/file_contexts | 12 ---------- fingerprint/hwservice_contexts | 1 - fingerprint/init-qfp-sh.te | 5 ---- fingerprint/qfp-daemon.te | 42 ---------------------------------- 4 files changed, 60 deletions(-) delete mode 100644 fingerprint/file_contexts delete mode 100644 fingerprint/hwservice_contexts delete mode 100644 fingerprint/init-qfp-sh.te delete mode 100644 fingerprint/qfp-daemon.te diff --git a/fingerprint/file_contexts b/fingerprint/file_contexts deleted file mode 100644 index d83f2864..00000000 --- a/fingerprint/file_contexts +++ /dev/null @@ -1,12 +0,0 @@ -# qfp-daemon HAL for fingerprint -/vendor/bin/hw/qfp-daemon u:object_r:qfp-daemon_exec:s0 - -/data/vendor/misc/qti_fp u:object_r:vendor_qfp-daemon_data_file:s0 - -/dev/qbt_ipc u:object_r:vendor_qbt_device:s0 -/dev/qbt_fd u:object_r:vendor_qbt_device:s0 - -/mnt/vendor/persist/qti_fp u:object_r:vendor_persist_qti_fp_file:s0 - -# Script for initializing vfs_calib.dat and persistent props. -/vendor/bin/init\.qfp\.sh u:object_r:init-qfp-sh_exec:s0 diff --git a/fingerprint/hwservice_contexts b/fingerprint/hwservice_contexts deleted file mode 100644 index cc1aec10..00000000 --- a/fingerprint/hwservice_contexts +++ /dev/null @@ -1 +0,0 @@ -vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint u:object_r:qfp_hal_fingerprint_hwservice:s0 
diff --git a/fingerprint/init-qfp-sh.te b/fingerprint/init-qfp-sh.te
deleted file mode 100644
index 413ddc35..00000000
--- a/fingerprint/init-qfp-sh.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type init-qfp-sh, domain;
-type init-qfp-sh_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(init-qfp-sh)
-
-domain_auto_trans(init, init-qfp-sh_exec, init-qfp-sh)
diff --git a/fingerprint/qfp-daemon.te b/fingerprint/qfp-daemon.te
deleted file mode 100644
index df70eeac..00000000
--- a/fingerprint/qfp-daemon.te
+++ /dev/null
@@ -1,42 +0,0 @@
-# Allow qfp-daemon to act as AIDL service.
-type qfp-daemon, domain;
-type qfp-daemon_exec, exec_type, vendor_file_type, file_type;
-hal_server_domain(qfp-daemon, hal_fingerprint)
-init_daemon_domain(qfp-daemon)
-
-# Permissions to /data/vendor/misc/qti_fp and make files.
-type vendor_qfp-daemon_data_file, file_type, data_file_type;
-allow qfp-daemon vendor_qfp-daemon_data_file:dir { rw_dir_perms setattr create_dir_perms search };
-allow qfp-daemon vendor_qfp-daemon_data_file:file create_file_perms;
-
-# Permissions to read system properties.
-allow qfp-daemon property_socket:sock_file write;
-
-# Permissions to write to /dev/qbt_fd and /dev/qbt_ipc
-type vendor_qbt_device, dev_type;
-allow qfp-daemon vendor_qbt_device:chr_file rw_file_perms;
-
-# /vendor/data read permissions for storing factory test data.
-type qfp_vendor_data_file, file_type, data_file_type;
-allow qfp-daemon qfp_vendor_data_file:dir r_dir_perms;
-
-# Permissions to create directory at /vendor/persist/qti_fp and make a file.
-type vendor_persist_qti_fp_file, file_type, vendor_persist_type;
-allow qfp-daemon vendor_persist_qti_fp_file:dir r_dir_perms;
-allow qfp-daemon vendor_persist_qti_fp_file:file r_file_perms;
-
-# Permissions to wake device.
-allow qfp-daemon self:capability2 { block_suspend wake_alarm };
-
-# Register to hwbinder for HIDL and binder for AIDL.
-hwbinder_use(qfp-daemon)
-binder_use(qfp-daemon)
-
-# Add hwservice for IQti extension HIDL.
-type qfp_hal_fingerprint_hwservice, hwservice_manager_type;
-add_hwservice(qfp-daemon, qfp_hal_fingerprint_hwservice);
-
-allow hal_fingerprint qfp_hal_fingerprint_hwservice:hwservice_manager find;
-
-allow platform_app qfp-daemon:binder { call transfer };
-allow platform_app qfp_hal_fingerprint_hwservice:hwservice_manager find;
From 9babd6de617a9203fec7e379f1940f1b8ad8d568 Mon Sep 17 00:00:00 2001
From: Tai Kuo Date: Mon, 4 Sep 2023 19:14:23 +0800 Subject: [PATCH 04/25] Update and clean up CS40L26 I2C paths. 1. Remove unused I2C paths. 2. Update 2nd vibrator I2C path. 3. Leave ripcurrent24 untouched due to different I2C. Bug: 285343932 Test: No AVC denials. Change-Id: Ib0040b00ae29e02a3f72033b7bb94a5c9b82041c --- caiman/genfs_contexts | 8 -------- komodo/genfs_contexts | 8 -------- ripcurrentpro/genfs_contexts | 7 +------ tokay/genfs_contexts | 8 -------- 4 files changed, 1 insertion(+), 30 deletions(-) diff --git a/caiman/genfs_contexts b/caiman/genfs_contexts index ba056b05..2f08b161 100644 --- a/caiman/genfs_contexts +++ b/caiman/genfs_contexts @@ -1,11 +1,3 @@ -# Haptics -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 - # WLC genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 diff --git a/komodo/genfs_contexts b/komodo/genfs_contexts index ba056b05..2f08b161 100644 --- a/komodo/genfs_contexts +++ b/komodo/genfs_contexts 
@@ -1,11 +1,3 @@ -# Haptics -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 - # WLC genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 diff --git a/ripcurrentpro/genfs_contexts b/ripcurrentpro/genfs_contexts index ba056b05..fd8b2536 100644 --- a/ripcurrentpro/genfs_contexts +++ b/ripcurrentpro/genfs_contexts @@ -1,10 +1,5 @@ # Haptics -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0042 u:object_r:sysfs_vibrator:s0 # WLC genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 diff --git a/tokay/genfs_contexts b/tokay/genfs_contexts index ba056b05..2f08b161 100644 --- a/tokay/genfs_contexts +++ b/tokay/genfs_contexts 
@@ -1,11 +1,3 @@ -# Haptics -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0042 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 - # WLC genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 From 691b1384c645d20cdd6a78fb7d7ed1c37200a0eb Mon Sep 17 00:00:00 2001 From: joenchen Date: Tue, 12 Sep 2023 02:06:05 +0000 Subject: [PATCH 05/25] RRS: allow init to set display properties Test: Boot w/ and w/o user selected configs and check the resolution Bug: 299603039 Change-Id: I55f24915a9ebb7464b003f89541b2567c67cff8b --- caiman/vendor_init.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 caiman/vendor_init.te diff --git a/caiman/vendor_init.te b/caiman/vendor_init.te new file mode 100644 index 00000000..3f4df0ef --- /dev/null +++ b/caiman/vendor_init.te @@ -0,0 +1,2 @@ +# Display +set_prop(vendor_init, vendor_display_prop) From c2a9fb71dc50bb1d611636118c8e182ebc45683c Mon Sep 17 00:00:00 2001 
From: Joe Huang Date: Fri, 25 Aug 2023 04:32:35 +0800 Subject: [PATCH 06/25] gps: add sepolicy - Add sepolicy for vendor gnss binary - Add sepolicy for gnss_check.sh Bug: 294708565 Bug: 301509452 Test: GPS Test, check avc denied errors Change-Id: Idc78f44641b063a37c91f9a3c12fe255e8d2d078 --- caiman-sepolicy.mk | 3 +++ gnss/file_contexts | 11 +++++++++++ gnss/gnss_check.te | 6 ++++++ gnss/gnssd.te | 23 +++++++++++++++++++++++ gnss/hal_gnss_default.te | 2 ++ gnss/rild.te | 1 + gnss/sctd.te | 3 +++ gnss/spad.te | 3 +++ gnss/swcnd.te | 3 +++ komodo-sepolicy.mk | 3 +++ ripcurrent24-sepolicy.mk | 3 +++ tokay-sepolicy.mk | 3 +++ 12 files changed, 64 insertions(+) create mode 100644 gnss/file_contexts create mode 100644 gnss/gnss_check.te create mode 100644 gnss/gnssd.te create mode 100644 gnss/hal_gnss_default.te create mode 100644 gnss/rild.te create mode 100644 gnss/sctd.te create mode 100644 gnss/spad.te create mode 100644 gnss/swcnd.te diff --git a/caiman-sepolicy.mk b/caiman-sepolicy.mk index f6c52b39..6354acf7 100644 --- a/caiman-sepolicy.mk +++ b/caiman-sepolicy.mk @@ -3,3 +3,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/caiman # UDFPS sepolicy. BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint + +# GPS sepolicy +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss diff --git a/gnss/file_contexts b/gnss/file_contexts new file mode 100644 index 00000000..1a4c2d4b --- /dev/null +++ b/gnss/file_contexts @@ -0,0 +1,11 @@ +# GPS +/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 +/dev/gnss_boot u:object_r:vendor_gnss_device:s0 +/dev/gnss_dump u:object_r:vendor_gnss_device:s0 + +/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 +/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 +/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 +/vendor/bin/hw/spad u:object_r:spad_exec:s0 +/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 +/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 
diff --git a/gnss/gnss_check.te b/gnss/gnss_check.te
new file mode 100644
index 00000000..e19a8b97
--- /dev/null
+++ b/gnss/gnss_check.te
@@ -0,0 +1,6 @@
+type gnss_check, domain;
+type gnss_check_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(gnss_check);
+
+allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
diff --git a/gnss/gnssd.te b/gnss/gnssd.te
new file mode 100644
index 00000000..ea16762b
--- /dev/null
+++ b/gnss/gnssd.te
@@ -0,0 +1,23 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+# binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+get_prop(gnssd, bootanim_system_prop)
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
diff --git a/gnss/hal_gnss_default.te b/gnss/hal_gnss_default.te
new file mode 100644
index 00000000..25fc30a9
--- /dev/null
+++ b/gnss/hal_gnss_default.te
@@ -0,0 +1,2 @@
+binder_call(hal_gnss_default, gnssd);
+
diff --git a/gnss/rild.te b/gnss/rild.te
new file mode 100644
index 00000000..c620a19b
--- /dev/null
+++ b/gnss/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/gnss/sctd.te b/gnss/sctd.te
new file mode 100644
index 00000000..8966ef8a
--- /dev/null
+++ b/gnss/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
diff --git a/gnss/spad.te b/gnss/spad.te
new file mode 100644
index 00000000..eaf8b1c8
--- /dev/null
+++ b/gnss/spad.te
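Review bot: In gnss/gnssd.te, `allow gnssd radio_device:chr_file rw_file_perms;` sits under the comment "Allow gnssd to access rild" but grants read/write on every character device labelled `radio_device` rather than binder access to rild, and the same domain also receives `net_domain(gnssd)`. A network-facing daemon with direct access to radio device nodes needs a stated reason; add a comment above the rule such as `# gnssd reads/writes <device node> for <feature>`, or drop the rule if the binder path to rild is sufficient. `get_prop(gnssd, bootanim_system_prop)` carries no comment either. `vendor_gps_file` and `vendor_gnss_device` are used here without a type declaration in this commit, so they presumably come from another policy directory that every device including gnss/ must also build.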
@@ -0,0 +1,3 @@ +type spad, domain; +type spad_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(spad); diff --git a/gnss/swcnd.te b/gnss/swcnd.te new file mode 100644 index 00000000..c366cad8 --- /dev/null +++ b/gnss/swcnd.te @@ -0,0 +1,3 @@ +type swcnd, domain; +type swcnd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(swcnd); diff --git a/komodo-sepolicy.mk b/komodo-sepolicy.mk index f5d822d9..c01cdba2 100644 --- a/komodo-sepolicy.mk +++ b/komodo-sepolicy.mk @@ -3,3 +3,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/komodo # UDFPS sepolicy. BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint + +# GPS sepolicy +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss diff --git a/ripcurrent24-sepolicy.mk b/ripcurrent24-sepolicy.mk index 63f1e2f6..f195b047 100644 --- a/ripcurrent24-sepolicy.mk +++ b/ripcurrent24-sepolicy.mk @@ -3,3 +3,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrent24 # UDFPS sepolicy. BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint + +# GPS sepolicy +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss diff --git a/tokay-sepolicy.mk b/tokay-sepolicy.mk index 90689a32..2711c2cd 100644 --- a/tokay-sepolicy.mk +++ b/tokay-sepolicy.mk @@ -3,3 +3,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/tokay # UDFPS sepolicy. BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint + +# GPS sepolicy +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss From 53d79fd6610b94905c1f39eb96ff41b65d4fd5a4 Mon Sep 17 00:00:00 2001 
From: Vincent Wang Date: Wed, 18 Oct 2023 05:49:35 +0000 Subject: [PATCH 07/25] Add SEPolicy for KM4/CM4 to access FingerprintHal from Settings Bug: b/301224470 Test: Check GoogleSettings could acess Fingerprint HAL Change-Id: Id1536115bdbe72e3ffa6eb8531b45faa02ff5a5d --- caiman-sepolicy.mk | 3 +++ fingerprint_capacitance/system_app.te | 2 ++ komodo-sepolicy.mk | 3 +++ ripcurrent24-sepolicy.mk | 3 +++ tokay-sepolicy.mk | 3 +++ 5 files changed, 14 insertions(+) create mode 100644 fingerprint_capacitance/system_app.te diff --git a/caiman-sepolicy.mk b/caiman-sepolicy.mk index 6354acf7..d34e613a 100644 --- a/caiman-sepolicy.mk +++ b/caiman-sepolicy.mk @@ -6,3 +6,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss + +#Fingerprint +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance diff --git a/fingerprint_capacitance/system_app.te b/fingerprint_capacitance/system_app.te new file mode 100644 index 00000000..e1a7d523 --- /dev/null +++ b/fingerprint_capacitance/system_app.te @@ -0,0 +1,2 @@ +# TODO (b/306087355) Remove this and make it specific to the app +hal_client_domain(system_app, hal_fingerprint) diff --git a/komodo-sepolicy.mk b/komodo-sepolicy.mk index c01cdba2..feed173c 100644 --- a/komodo-sepolicy.mk +++ b/komodo-sepolicy.mk @@ -6,3 +6,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss + +#Fingerprint +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance diff --git a/ripcurrent24-sepolicy.mk b/ripcurrent24-sepolicy.mk index f195b047..48f50099 100644 --- a/ripcurrent24-sepolicy.mk +++ b/ripcurrent24-sepolicy.mk 
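Review bot: `hal_client_domain(system_app, hal_fingerprint)` in fingerprint_capacitance/system_app.te makes every process in the system_app domain a fingerprint HAL client, while the commit's Test line names only GoogleSettings as the caller. The TODO records the intent to narrow it, but the comment should also say which app and feature need the access, e.g. `# Needed by <settings package> for <feature>; narrow to a dedicated domain` (placeholders), so the grant can be checked when the bug is closed. A narrower form would give that one app its own domain through seapp_contexts and make only that domain a client.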
@@ -6,3 +6,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss + +#Fingerprint +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance diff --git a/tokay-sepolicy.mk b/tokay-sepolicy.mk index 2711c2cd..bfc19e5c 100644 --- a/tokay-sepolicy.mk +++ b/tokay-sepolicy.mk @@ -6,3 +6,6 @@ BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss + +#Fingerprint +BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance From 35a25187b5ef1ba5cd0a94c51826584e6c6f2a6f Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Mon, 23 Oct 2023 05:35:25 +0000 Subject: [PATCH 08/25] WLC: add static i2c number for sepolicy and remove others Bug: 306699444 Test: No selinux denials related to wireless Change-Id: Ie2934d8d1a4aca97d29c80cdede56f9426d26dca Signed-off-by: YiKai Peng --- caiman/genfs_contexts | 24 +----------------------- komodo/genfs_contexts | 24 +----------------------- ripcurrent24/genfs_contexts | 25 ++----------------------- ripcurrentpro/genfs_contexts | 25 ++----------------------- tokay/genfs_contexts | 24 +----------------------- 5 files changed, 7 insertions(+), 115 deletions(-) diff --git a/caiman/genfs_contexts b/caiman/genfs_contexts index 2f08b161..63170b7a 100644 --- a/caiman/genfs_contexts +++ b/caiman/genfs_contexts 
@@ -1,24 +1,2 @@ # WLC -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 - -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 - - +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 diff --git a/komodo/genfs_contexts b/komodo/genfs_contexts index 2f08b161..63170b7a 100644 --- a/komodo/genfs_contexts +++ b/komodo/genfs_contexts 
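Review bot: The replacement entry in caiman/genfs_contexts labels only address `-003b` on i2c-10, whereas the removed list covered both `-003c` and `-003b` on buses 0 to 9. If any board revision still exposes the charger at 0x3c, its sysfs node would presumably lose the `sysfs_wlc` label and wireless-charging access would be denied. That is the safe failure direction, but it is worth confirming against the device tree before merging. The same applies to the komodo, ripcurrent24, ripcurrentpro and tokay hunks. A comment tying the bus number to its source would help, such as `# i2c-10 is fixed by <device-tree alias>` (placeholder).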
@@ -1,24 +1,2 @@ # WLC -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 - -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 - - +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 diff --git a/ripcurrent24/genfs_contexts b/ripcurrent24/genfs_contexts index ba056b05..928a80cc 100644 --- a/ripcurrent24/genfs_contexts 
+++ b/ripcurrent24/genfs_contexts 
@@ -7,26 +7,5 @@ genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 # WLC -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 - -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 - - +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 
+genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061 u:object_r:sysfs_wlc:s0 diff --git a/ripcurrentpro/genfs_contexts b/ripcurrentpro/genfs_contexts index fd8b2536..bf853a63 100644 --- a/ripcurrentpro/genfs_contexts +++ b/ripcurrentpro/genfs_contexts 
@@ -2,26 +2,5 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0042 u:object_r:sysfs_vibrator:s0 # WLC -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 - -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 - - +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061 
u:object_r:sysfs_wlc:s0 diff --git a/tokay/genfs_contexts b/tokay/genfs_contexts index 2f08b161..63170b7a 100644 --- a/tokay/genfs_contexts +++ b/tokay/genfs_contexts 
@@ -1,24 +1,2 @@ # WLC -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c u:object_r:sysfs_wlc:s0 - -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 - - +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 From e2a1fc8f509edb9377f02294fdd0f8a94515ad4c Mon Sep 17 00:00:00 2001 
From: Wilson Sung Date: Wed, 25 Oct 2023 08:09:31 +0000 Subject: [PATCH 09/25] Initial SEpolicy tracking_denials Bug: 296187211 Change-Id: I129f00a1d90d46dee99bc74a89bd7ebb94ef9b36 --- tracking_denials/README.txt | 2 ++ tracking_denials/bug_map | 1 + 2 files changed, 3 insertions(+) create mode 100644 tracking_denials/README.txt create mode 100644 tracking_denials/bug_map diff --git a/tracking_denials/README.txt b/tracking_denials/README.txt new file mode 100644 index 00000000..6cfc62df --- /dev/null +++ b/tracking_denials/README.txt @@ -0,0 +1,2 @@ +This folder stores known errors detected by PTS. Be sure to remove relevant +files to reproduce error log on latest ROMs. diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/tracking_denials/bug_map @@ -0,0 +1 @@ + From 5fff1bb1b48a7e02ecaf636ea814aba8f60697d0 Mon Sep 17 00:00:00 2001 From: Ted Wang Date: Fri, 27 Oct 2023 06:21:06 +0000 Subject: [PATCH 10/25] Move Bluetooth uart and lpm related policy to zumapro bug: 303046044 Test: build Change-Id: I3e4ebc710557567b0425667b4576958fca6643b4 --- caiman/file_contexts | 4 ---- komodo/file_contexts | 4 ---- ripcurrent24/file_contexts | 4 ---- ripcurrentpro/file_contexts | 4 ---- tokay/file_contexts | 4 ---- 5 files changed, 20 deletions(-) delete mode 100644 caiman/file_contexts delete mode 100644 komodo/file_contexts delete mode 100644 ripcurrent24/file_contexts delete mode 100644 ripcurrentpro/file_contexts delete mode 100644 tokay/file_contexts diff --git a/caiman/file_contexts b/caiman/file_contexts deleted file mode 100644 index cae0049b..00000000 --- a/caiman/file_contexts +++ /dev/null @@ -1,4 +0,0 @@ -# Bluetooth -/dev/ttySAC18 u:object_r:hci_attach_dev:s0 -/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/komodo/file_contexts b/komodo/file_contexts deleted file mode 100644 index cae0049b..00000000 
--- a/komodo/file_contexts +++ /dev/null @@ -1,4 +0,0 @@ -# Bluetooth -/dev/ttySAC18 u:object_r:hci_attach_dev:s0 -/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/ripcurrent24/file_contexts b/ripcurrent24/file_contexts deleted file mode 100644 index cae0049b..00000000 --- a/ripcurrent24/file_contexts +++ /dev/null @@ -1,4 +0,0 @@ -# Bluetooth -/dev/ttySAC18 u:object_r:hci_attach_dev:s0 -/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/ripcurrentpro/file_contexts b/ripcurrentpro/file_contexts deleted file mode 100644 index cae0049b..00000000 --- a/ripcurrentpro/file_contexts +++ /dev/null @@ -1,4 +0,0 @@ -# Bluetooth -/dev/ttySAC18 u:object_r:hci_attach_dev:s0 -/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 diff --git a/tokay/file_contexts b/tokay/file_contexts deleted file mode 100644 index cae0049b..00000000 --- a/tokay/file_contexts +++ /dev/null @@ -1,4 +0,0 @@ -# Bluetooth -/dev/ttySAC18 u:object_r:hci_attach_dev:s0 -/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 From 8a5026e68418ea504ad9bfe6280d8a669c94a109 Mon Sep 17 00:00:00 2001 From: Joe Huang Date: Mon, 30 Oct 2023 17:48:07 +0800 Subject: [PATCH 11/25] Add sepolicy rules for gnss Bug: 303789385 Test: GPS test on normal & factory builds Change-Id: I78eba237631edc1423e7c54d3b054135706d04f1 --- gnss/gnss_check.te | 3 +++ gnss/hal_gnss_default.te | 1 + 2 files changed, 4 insertions(+) diff --git a/gnss/gnss_check.te b/gnss/gnss_check.te index e19a8b97..31d0944f 100644 --- a/gnss/gnss_check.te +++ b/gnss/gnss_check.te 
@@ -4,3 +4,6 @@ type gnss_check_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(gnss_check); allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; + +set_prop(gnss_check, ctl_stop_prop); +set_prop(gnss_check, ctl_start_prop); diff --git a/gnss/hal_gnss_default.te b/gnss/hal_gnss_default.te index 25fc30a9..bf1a5645 100644 --- a/gnss/hal_gnss_default.te +++ b/gnss/hal_gnss_default.te @@ -1,2 +1,3 @@ binder_call(hal_gnss_default, gnssd); +allow hal_gnss_default gnssd:unix_stream_socket connectto; From 9b1f47f4b5b810c7accd5043c145eb05846bcfa5 Mon Sep 17 00:00:00 2001 From: Kamal Shafi Date: Mon, 27 Nov 2023 09:57:24 +0000 Subject: [PATCH 12/25] sepolicy: migrate zumapro devices sepolicy - Move device specific sepolicy Bug: 312869113 Test: build Change-Id: I930ecb14bd71133f2a548cba49a639fc0cdda83b --- caiman/file_contexts | 16 ++++++++++++++ komodo/file_contexts | 16 ++++++++++++++ ripcurrent24/file_contexts | 44 +++++++++++++++++++++++++++++++++++++ ripcurrentpro/file_contexts | 44 +++++++++++++++++++++++++++++++++++++ tokay/file_contexts | 12 ++++++++++ 5 files changed, 132 insertions(+) create mode 100644 caiman/file_contexts create mode 100644 komodo/file_contexts create mode 100644 ripcurrent24/file_contexts create mode 100644 ripcurrentpro/file_contexts create mode 100644 tokay/file_contexts diff --git a/caiman/file_contexts b/caiman/file_contexts new file mode 100644 index 00000000..cdb38af4 --- /dev/null +++ b/caiman/file_contexts 
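Review bot: `set_prop(gnss_check, ctl_stop_prop);` and `set_prop(gnss_check, ctl_start_prop);` in gnss/gnss_check.te grant the generic control-property types. As far as I know these cover `ctl.start$` and `ctl.stop$` for every init service that has no more specific label, so the script's domain could start or stop services unrelated to GNSS. A tighter form labels only the needed entries in the vendor property_contexts, e.g. `ctl.start$<gnss service> u:object_r:<vendor_gnss_ctl_prop>:s0` (placeholder names), and grants set_prop on that type alone. At minimum the two lines need a comment naming the services gnss_check.sh restarts.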
@@ -0,0 +1,16 @@ +# Devices +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 diff --git a/komodo/file_contexts b/komodo/file_contexts new file mode 100644 index 00000000..cdb38af4 --- /dev/null +++ b/komodo/file_contexts @@ -0,0 +1,16 @@ +# Devices +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 diff --git a/ripcurrent24/file_contexts b/ripcurrent24/file_contexts new file mode 100644 index 00000000..1143d5fd --- /dev/null +++ b/ripcurrent24/file_contexts 
@@ -0,0 +1,44 @@ +# Devices +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken 
u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 diff --git a/ripcurrentpro/file_contexts b/ripcurrentpro/file_contexts new file mode 100644 index 00000000..1143d5fd --- /dev/null +++ b/ripcurrentpro/file_contexts 
@@ -0,0 +1,44 @@ +# Devices +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken 
u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 diff --git a/tokay/file_contexts b/tokay/file_contexts new file mode 100644 index 00000000..025e3799 --- /dev/null +++ b/tokay/file_contexts @@ -0,0 +1,12 @@ +# Devices +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 From 9c71cd3f28492d3f7fb7dafcdaaf758738994b62 Mon Sep 17 00:00:00 2001 
From: Wilson Sung Date: Tue, 19 Dec 2023 03:19:21 +0000 Subject: [PATCH 13/25] Move fingerprint to each device sepolicy folder Bug: 312322769 Test: make sepolicy Change-Id: Id3f76b1e3c2d7e00a4a84028555de372a79aa8e4 --- caiman-sepolicy.mk | 6 ------ {fingerprint_capacitance => caiman}/system_app.te | 0 komodo-sepolicy.mk | 6 ------ komodo/system_app.te | 2 ++ ripcurrent24-sepolicy.mk | 6 ------ ripcurrent24/system_app.te | 2 ++ ripcurrentpro-sepolicy.mk | 2 -- ripcurrentpro/system_app.te | 2 ++ tokay-sepolicy.mk | 6 ------ tokay/system_app.te | 2 ++ 10 files changed, 8 insertions(+), 26 deletions(-) rename {fingerprint_capacitance => caiman}/system_app.te (100%) create mode 100644 komodo/system_app.te create mode 100644 ripcurrent24/system_app.te create mode 100644 ripcurrentpro/system_app.te create mode 100644 tokay/system_app.te diff --git a/caiman-sepolicy.mk b/caiman-sepolicy.mk index d34e613a..7a855876 100644 --- a/caiman-sepolicy.mk +++ b/caiman-sepolicy.mk @@ -1,11 +1,5 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/caiman -# UDFPS sepolicy. -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint - # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss - -#Fingerprint -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance diff --git a/fingerprint_capacitance/system_app.te b/caiman/system_app.te similarity index 100% rename from fingerprint_capacitance/system_app.te rename to caiman/system_app.te diff --git a/komodo-sepolicy.mk b/komodo-sepolicy.mk index feed173c..df5cf997 100644 --- a/komodo-sepolicy.mk +++ b/komodo-sepolicy.mk 
@@ -1,11 +1,5 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/komodo -# UDFPS sepolicy. -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint - # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss - -#Fingerprint -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance diff --git a/komodo/system_app.te b/komodo/system_app.te new file mode 100644 index 00000000..e1a7d523 --- /dev/null +++ b/komodo/system_app.te @@ -0,0 +1,2 @@ +# TODO (b/306087355) Remove this and make it specific to the app +hal_client_domain(system_app, hal_fingerprint) diff --git a/ripcurrent24-sepolicy.mk b/ripcurrent24-sepolicy.mk index 48f50099..a95f1cd4 100644 --- a/ripcurrent24-sepolicy.mk +++ b/ripcurrent24-sepolicy.mk @@ -1,11 +1,5 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrent24 -# UDFPS sepolicy. -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint - # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss - -#Fingerprint -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance diff --git a/ripcurrent24/system_app.te b/ripcurrent24/system_app.te new file mode 100644 index 00000000..e1a7d523 --- /dev/null +++ b/ripcurrent24/system_app.te @@ -0,0 +1,2 @@ +# TODO (b/306087355) Remove this and make it specific to the app +hal_client_domain(system_app, hal_fingerprint) diff --git a/ripcurrentpro-sepolicy.mk b/ripcurrentpro-sepolicy.mk index 0bcab522..88167b20 100644 --- a/ripcurrentpro-sepolicy.mk +++ b/ripcurrentpro-sepolicy.mk @@ -1,5 +1,3 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrentpro -# UDFPS sepolicy. -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint 
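Review bot: `hal_client_domain(system_app, hal_fingerprint)` in the new komodo/system_app.te makes every app in the system_app domain a client of the fingerprint HAL. The commit adds the same two lines for ripcurrent24, ripcurrentpro and tokay, next to the renamed caiman file, which is presumably identical. The TODO already asks for an app-specific rule, but with five copies the narrowing has to land in every folder or one device keeps the broad grant. I would make the copies discoverable from each file, e.g. `# TODO (b/306087355) Remove this and make it specific to the app; same rule exists in caiman, komodo, ripcurrent24, ripcurrentpro, tokay`.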
diff --git a/ripcurrentpro/system_app.te b/ripcurrentpro/system_app.te new file mode 100644 index 00000000..e1a7d523 --- /dev/null +++ b/ripcurrentpro/system_app.te @@ -0,0 +1,2 @@ +# TODO (b/306087355) Remove this and make it specific to the app +hal_client_domain(system_app, hal_fingerprint) diff --git a/tokay-sepolicy.mk b/tokay-sepolicy.mk index bfc19e5c..c19f6f71 100644 --- a/tokay-sepolicy.mk +++ b/tokay-sepolicy.mk @@ -1,11 +1,5 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/tokay -# UDFPS sepolicy. -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint - # GPS sepolicy BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss - -#Fingerprint -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/fingerprint_capacitance diff --git a/tokay/system_app.te b/tokay/system_app.te new file mode 100644 index 00000000..e1a7d523 --- /dev/null +++ b/tokay/system_app.te @@ -0,0 +1,2 @@ +# TODO (b/306087355) Remove this and make it specific to the app +hal_client_domain(system_app, hal_fingerprint) From ba2198d95330ab04d769ebd77fc50660262e87f4 Mon Sep 17 00:00:00 2001 
From: Wilson Sung Date: Tue, 19 Dec 2023 03:35:04 +0000 Subject: [PATCH 14/25] Move gnss to each device sepolicy folder Bug: 312322769 Test: make sepolicy Change-Id: Iaeb079415d1a1b8c71dc72dde559dd2ad21c3886 --- caiman-sepolicy.mk | 3 --- caiman/file_contexts | 11 +++++++++++ {gnss => caiman}/gnss_check.te | 0 {gnss => caiman}/gnssd.te | 0 {gnss => caiman}/hal_gnss_default.te | 0 {gnss => caiman}/rild.te | 0 {gnss => caiman}/sctd.te | 0 {gnss => caiman}/spad.te | 0 {gnss => caiman}/swcnd.te | 0 gnss/file_contexts | 11 ----------- komodo-sepolicy.mk | 3 --- komodo/file_contexts | 11 +++++++++++ komodo/gnss_check.te | 9 +++++++++ komodo/gnssd.te | 23 +++++++++++++++++++++++ komodo/hal_gnss_default.te | 3 +++ komodo/rild.te | 1 + komodo/sctd.te | 3 +++ komodo/spad.te | 3 +++ komodo/swcnd.te | 3 +++ ripcurrent24-sepolicy.mk | 3 --- ripcurrent24/file_contexts | 11 +++++++++++ ripcurrent24/gnss_check.te | 9 +++++++++ ripcurrent24/gnssd.te | 23 +++++++++++++++++++++++ ripcurrent24/hal_gnss_default.te | 3 +++ ripcurrent24/rild.te | 1 + ripcurrent24/sctd.te | 3 +++ ripcurrent24/spad.te | 3 +++ ripcurrent24/swcnd.te | 3 +++ tokay-sepolicy.mk | 3 --- tokay/file_contexts | 11 +++++++++++ tokay/gnss_check.te | 9 +++++++++ tokay/gnssd.te | 23 +++++++++++++++++++++++ tokay/hal_gnss_default.te | 3 +++ tokay/rild.te | 1 + tokay/sctd.te | 3 +++ tokay/spad.te | 3 +++ tokay/swcnd.te | 3 +++ 37 files changed, 179 insertions(+), 23 deletions(-) rename {gnss => caiman}/gnss_check.te (100%) rename {gnss => caiman}/gnssd.te (100%) rename {gnss => caiman}/hal_gnss_default.te (100%) rename {gnss => caiman}/rild.te (100%) rename {gnss => caiman}/sctd.te (100%) rename {gnss => caiman}/spad.te (100%) rename {gnss => caiman}/swcnd.te (100%) delete mode 100644 gnss/file_contexts create mode 100644 komodo/gnss_check.te create mode 100644 komodo/gnssd.te create mode 100644 komodo/hal_gnss_default.te create mode 100644 komodo/rild.te create mode 100644 komodo/sctd.te create mode 100644 
komodo/spad.te create mode 100644 komodo/swcnd.te create mode 100644 ripcurrent24/gnss_check.te create mode 100644 ripcurrent24/gnssd.te create mode 100644 ripcurrent24/hal_gnss_default.te create mode 100644 ripcurrent24/rild.te create mode 100644 ripcurrent24/sctd.te create mode 100644 ripcurrent24/spad.te create mode 100644 ripcurrent24/swcnd.te create mode 100644 tokay/gnss_check.te create mode 100644 tokay/gnssd.te create mode 100644 tokay/hal_gnss_default.te create mode 100644 tokay/rild.te create mode 100644 tokay/sctd.te create mode 100644 tokay/spad.te create mode 100644 tokay/swcnd.te diff --git a/caiman-sepolicy.mk b/caiman-sepolicy.mk index 7a855876..f5ea59bc 100644 --- a/caiman-sepolicy.mk +++ b/caiman-sepolicy.mk @@ -1,5 +1,2 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/caiman - -# GPS sepolicy -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss diff --git a/caiman/file_contexts b/caiman/file_contexts index cdb38af4..2cc3a039 100644 --- a/caiman/file_contexts +++ b/caiman/file_contexts @@ -14,3 +14,14 @@ /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# GPS +/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 +/dev/gnss_boot u:object_r:vendor_gnss_device:s0 +/dev/gnss_dump u:object_r:vendor_gnss_device:s0 + +/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 +/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 +/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 +/vendor/bin/hw/spad u:object_r:spad_exec:s0 +/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 +/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/gnss/gnss_check.te b/caiman/gnss_check.te similarity index 100% rename from gnss/gnss_check.te rename to caiman/gnss_check.te 
diff --git a/gnss/gnssd.te b/caiman/gnssd.te similarity index 100% rename from gnss/gnssd.te rename to caiman/gnssd.te diff --git a/gnss/hal_gnss_default.te b/caiman/hal_gnss_default.te similarity index 100% rename from gnss/hal_gnss_default.te rename to caiman/hal_gnss_default.te diff --git a/gnss/rild.te b/caiman/rild.te similarity index 100% rename from gnss/rild.te rename to caiman/rild.te diff --git a/gnss/sctd.te b/caiman/sctd.te similarity index 100% rename from gnss/sctd.te rename to caiman/sctd.te diff --git a/gnss/spad.te b/caiman/spad.te similarity index 100% rename from gnss/spad.te rename to caiman/spad.te diff --git a/gnss/swcnd.te b/caiman/swcnd.te similarity index 100% rename from gnss/swcnd.te rename to caiman/swcnd.te diff --git a/gnss/file_contexts b/gnss/file_contexts deleted file mode 100644 index 1a4c2d4b..00000000 --- a/gnss/file_contexts +++ /dev/null @@ -1,11 +0,0 @@ -# GPS -/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 -/dev/gnss_boot u:object_r:vendor_gnss_device:s0 -/dev/gnss_dump u:object_r:vendor_gnss_device:s0 - -/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 -/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 -/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 -/vendor/bin/hw/spad u:object_r:spad_exec:s0 -/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 -/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/komodo-sepolicy.mk b/komodo-sepolicy.mk index df5cf997..d54783f6 100644 --- a/komodo-sepolicy.mk +++ b/komodo-sepolicy.mk @@ -1,5 +1,2 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/komodo - -# GPS sepolicy -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss diff --git a/komodo/file_contexts b/komodo/file_contexts index cdb38af4..2cc3a039 100644 --- a/komodo/file_contexts +++ b/komodo/file_contexts 
@@ -14,3 +14,14 @@ /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# GPS +/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 +/dev/gnss_boot u:object_r:vendor_gnss_device:s0 +/dev/gnss_dump u:object_r:vendor_gnss_device:s0 + +/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 +/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 +/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 +/vendor/bin/hw/spad u:object_r:spad_exec:s0 +/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 +/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/komodo/gnss_check.te b/komodo/gnss_check.te new file mode 100644 index 00000000..31d0944f --- /dev/null +++ b/komodo/gnss_check.te @@ -0,0 +1,9 @@ +type gnss_check, domain; +type gnss_check_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(gnss_check); + +allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; + +set_prop(gnss_check, ctl_stop_prop); +set_prop(gnss_check, ctl_start_prop); diff --git a/komodo/gnssd.te b/komodo/gnssd.te new file mode 100644 index 00000000..ea16762b --- /dev/null +++ b/komodo/gnssd.te @@ -0,0 +1,23 @@ +type gnssd, domain; +type gnssd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(gnssd); + +# Allow gnssd to access rild +binder_call(gnssd, rild); +# binder_call(gnssd, hwservicemanager) +allow gnssd hal_exynos_rild_hwservice:hwservice_manager find; +allow gnssd radio_device:chr_file rw_file_perms; + +# Allow gnssd to acess gnss device +allow gnssd vendor_gnss_device:chr_file rw_file_perms; +allow gnssd vendor_gps_file:dir create_dir_perms; +allow gnssd vendor_gps_file:file create_file_perms; +allow gnssd vendor_gps_file:fifo_file create_file_perms; + +get_prop(gnssd, bootanim_system_prop) + +# Allow gnssd to obtain wakelock +wakelock_use(gnssd) + +# Allow a base set of permissions required for network access. +net_domain(gnssd); 
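Review bot: The `set_prop(gnss_check, ctl_stop_prop);` and `set_prop(gnss_check, ctl_start_prop);` lines in komodo/gnss_check.te grant the script domain the generic control-property types. As far as I know, those types cover every init service that has no more specific ctl label, not only the GNSS daemons. The same file is added unchanged for ripcurrent24 and tokay. I would give the `ctl.start$`/`ctl.stop$` keys of the services the script restarts a dedicated property type in property_contexts and grant only that. At minimum, document the intent above the two rules, e.g. `# gnss_check.sh restarts <service names>; generic ctl types used until a dedicated type exists`.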
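Review bot: `allow gnssd radio_device:chr_file rw_file_perms;` in komodo/gnssd.te gives gnssd read/write on every character device labelled radio_device, and it sits under the comment "Allow gnssd to access rild" although it is a device grant rather than a binder one. Which nodes carry that label is decided outside this patch, so it would help to state the need next to the rule, e.g. `# gnssd talks to the modem through <node>; narrow to a dedicated type if only that node is required`. The commented-out `# binder_call(gnssd, hwservicemanager)` should either be dropped or replaced by a sentence saying why the `hwservice_manager find` rule alone is sufficient. `acess` in the following comment is a typo for `access`. The ripcurrent24 and tokay copies of this file are identical and need the same edits.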
diff --git a/komodo/hal_gnss_default.te b/komodo/hal_gnss_default.te new file mode 100644 index 00000000..bf1a5645 --- /dev/null +++ b/komodo/hal_gnss_default.te @@ -0,0 +1,3 @@ +binder_call(hal_gnss_default, gnssd); + +allow hal_gnss_default gnssd:unix_stream_socket connectto; diff --git a/komodo/rild.te b/komodo/rild.te new file mode 100644 index 00000000..c620a19b --- /dev/null +++ b/komodo/rild.te @@ -0,0 +1 @@ +binder_call(rild, gnssd) diff --git a/komodo/sctd.te b/komodo/sctd.te new file mode 100644 index 00000000..8966ef8a --- /dev/null +++ b/komodo/sctd.te @@ -0,0 +1,3 @@ +type sctd, domain; +type sctd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(sctd); diff --git a/komodo/spad.te b/komodo/spad.te new file mode 100644 index 00000000..eaf8b1c8 --- /dev/null +++ b/komodo/spad.te @@ -0,0 +1,3 @@ +type spad, domain; +type spad_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(spad); diff --git a/komodo/swcnd.te b/komodo/swcnd.te new file mode 100644 index 00000000..c366cad8 --- /dev/null +++ b/komodo/swcnd.te @@ -0,0 +1,3 @@ +type swcnd, domain; +type swcnd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(swcnd); diff --git a/ripcurrent24-sepolicy.mk b/ripcurrent24-sepolicy.mk index a95f1cd4..aa9182b4 100644 --- a/ripcurrent24-sepolicy.mk +++ b/ripcurrent24-sepolicy.mk @@ -1,5 +1,2 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/ripcurrent24 - -# GPS sepolicy -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss diff --git a/ripcurrent24/file_contexts b/ripcurrent24/file_contexts index 1143d5fd..9fd7a3b5 100644 --- a/ripcurrent24/file_contexts +++ b/ripcurrent24/file_contexts 
@@ -42,3 +42,14 @@ /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# GPS +/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 +/dev/gnss_boot u:object_r:vendor_gnss_device:s0 +/dev/gnss_dump u:object_r:vendor_gnss_device:s0 + +/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 +/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 +/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 +/vendor/bin/hw/spad u:object_r:spad_exec:s0 +/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 +/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/ripcurrent24/gnss_check.te b/ripcurrent24/gnss_check.te new file mode 100644 index 00000000..31d0944f --- /dev/null +++ b/ripcurrent24/gnss_check.te @@ -0,0 +1,9 @@ +type gnss_check, domain; +type gnss_check_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(gnss_check); + +allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; + +set_prop(gnss_check, ctl_stop_prop); +set_prop(gnss_check, ctl_start_prop); diff --git a/ripcurrent24/gnssd.te b/ripcurrent24/gnssd.te new file mode 100644 index 00000000..ea16762b --- /dev/null +++ b/ripcurrent24/gnssd.te 
@@ -0,0 +1,23 @@ +type gnssd, domain; +type gnssd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(gnssd); + +# Allow gnssd to access rild +binder_call(gnssd, rild); +# binder_call(gnssd, hwservicemanager) +allow gnssd hal_exynos_rild_hwservice:hwservice_manager find; +allow gnssd radio_device:chr_file rw_file_perms; + +# Allow gnssd to acess gnss device +allow gnssd vendor_gnss_device:chr_file rw_file_perms; +allow gnssd vendor_gps_file:dir create_dir_perms; +allow gnssd vendor_gps_file:file create_file_perms; +allow gnssd vendor_gps_file:fifo_file create_file_perms; + +get_prop(gnssd, bootanim_system_prop) + +# Allow gnssd to obtain wakelock +wakelock_use(gnssd) + +# Allow a base set of permissions required for network access. +net_domain(gnssd); diff --git a/ripcurrent24/hal_gnss_default.te b/ripcurrent24/hal_gnss_default.te new file mode 100644 index 00000000..bf1a5645 --- /dev/null +++ b/ripcurrent24/hal_gnss_default.te @@ -0,0 +1,3 @@ +binder_call(hal_gnss_default, gnssd); + +allow hal_gnss_default gnssd:unix_stream_socket connectto; diff --git a/ripcurrent24/rild.te b/ripcurrent24/rild.te new file mode 100644 index 00000000..c620a19b --- /dev/null +++ b/ripcurrent24/rild.te @@ -0,0 +1 @@ +binder_call(rild, gnssd) diff --git a/ripcurrent24/sctd.te b/ripcurrent24/sctd.te new file mode 100644 index 00000000..8966ef8a --- /dev/null +++ b/ripcurrent24/sctd.te @@ -0,0 +1,3 @@ +type sctd, domain; +type sctd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(sctd); diff --git a/ripcurrent24/spad.te b/ripcurrent24/spad.te new file mode 100644 index 00000000..eaf8b1c8 --- /dev/null +++ b/ripcurrent24/spad.te @@ -0,0 +1,3 @@ +type spad, domain; +type spad_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(spad); diff --git a/ripcurrent24/swcnd.te b/ripcurrent24/swcnd.te new file mode 100644 index 00000000..c366cad8 --- /dev/null +++ b/ripcurrent24/swcnd.te 
@@ -0,0 +1,3 @@ +type swcnd, domain; +type swcnd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(swcnd); diff --git a/tokay-sepolicy.mk b/tokay-sepolicy.mk index c19f6f71..9183880d 100644 --- a/tokay-sepolicy.mk +++ b/tokay-sepolicy.mk @@ -1,5 +1,2 @@ # sepolicy that are shared among devices using ZumaPro BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/tokay - -# GPS sepolicy -BOARD_SEPOLICY_DIRS += device/google/caimito-sepolicy/gnss diff --git a/tokay/file_contexts b/tokay/file_contexts index 025e3799..9c7fe8a5 100644 --- a/tokay/file_contexts +++ b/tokay/file_contexts @@ -10,3 +10,14 @@ /dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +# GPS +/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 +/dev/gnss_boot u:object_r:vendor_gnss_device:s0 +/dev/gnss_dump u:object_r:vendor_gnss_device:s0 + +/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 +/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 +/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 +/vendor/bin/hw/spad u:object_r:spad_exec:s0 +/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 +/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/tokay/gnss_check.te b/tokay/gnss_check.te new file mode 100644 index 00000000..31d0944f --- /dev/null +++ b/tokay/gnss_check.te @@ -0,0 +1,9 @@ +type gnss_check, domain; +type gnss_check_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(gnss_check); + +allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; + +set_prop(gnss_check, ctl_stop_prop); +set_prop(gnss_check, ctl_start_prop); diff --git a/tokay/gnssd.te b/tokay/gnssd.te new file mode 100644 index 00000000..ea16762b --- /dev/null +++ b/tokay/gnssd.te 
@@ -0,0 +1,23 @@ +type gnssd, domain; +type gnssd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(gnssd); + +# Allow gnssd to access rild +binder_call(gnssd, rild); +# binder_call(gnssd, hwservicemanager) +allow gnssd hal_exynos_rild_hwservice:hwservice_manager find; +allow gnssd radio_device:chr_file rw_file_perms; + +# Allow gnssd to acess gnss device +allow gnssd vendor_gnss_device:chr_file rw_file_perms; +allow gnssd vendor_gps_file:dir create_dir_perms; +allow gnssd vendor_gps_file:file create_file_perms; +allow gnssd vendor_gps_file:fifo_file create_file_perms; + +get_prop(gnssd, bootanim_system_prop) + +# Allow gnssd to obtain wakelock +wakelock_use(gnssd) + +# Allow a base set of permissions required for network access. +net_domain(gnssd); diff --git a/tokay/hal_gnss_default.te b/tokay/hal_gnss_default.te new file mode 100644 index 00000000..bf1a5645 --- /dev/null +++ b/tokay/hal_gnss_default.te @@ -0,0 +1,3 @@ +binder_call(hal_gnss_default, gnssd); + +allow hal_gnss_default gnssd:unix_stream_socket connectto; diff --git a/tokay/rild.te b/tokay/rild.te new file mode 100644 index 00000000..c620a19b --- /dev/null +++ b/tokay/rild.te @@ -0,0 +1 @@ +binder_call(rild, gnssd) diff --git a/tokay/sctd.te b/tokay/sctd.te new file mode 100644 index 00000000..8966ef8a --- /dev/null +++ b/tokay/sctd.te @@ -0,0 +1,3 @@ +type sctd, domain; +type sctd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(sctd); diff --git a/tokay/spad.te b/tokay/spad.te new file mode 100644 index 00000000..eaf8b1c8 --- /dev/null +++ b/tokay/spad.te @@ -0,0 +1,3 @@ +type spad, domain; +type spad_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(spad); diff --git a/tokay/swcnd.te b/tokay/swcnd.te new file mode 100644 index 00000000..c366cad8 --- /dev/null +++ b/tokay/swcnd.te @@ -0,0 +1,3 @@ +type swcnd, domain; +type swcnd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(swcnd); 
From 175f52c76f7d97f3d94aa12c2aefa3509c6cb925 Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Thu, 4 Jan 2024 07:35:26 +0000 Subject: [PATCH 15/25] WLC: fix i2c number for sepolicy Bug: 318390668 Test: Build/Flash Change-Id: I609c96dbf0bde428a7357e8a079ab91dc931f48e Signed-off-by: YiKai Peng --- ripcurrent24/genfs_contexts | 4 ++-- ripcurrentpro/genfs_contexts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ripcurrent24/genfs_contexts b/ripcurrent24/genfs_contexts index 928a80cc..77df5e2b 100644 --- a/ripcurrent24/genfs_contexts +++ b/ripcurrent24/genfs_contexts @@ -7,5 +7,5 @@ genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0043 u:object genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0043 u:object_r:sysfs_vibrator:s0 # WLC -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0061 u:object_r:sysfs_wlc:s0 diff --git a/ripcurrentpro/genfs_contexts b/ripcurrentpro/genfs_contexts index bf853a63..76c805da 100644 --- a/ripcurrentpro/genfs_contexts +++ b/ripcurrentpro/genfs_contexts @@ -2,5 +2,5 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0042 u:object_r:sysfs_vibrator:s0 # WLC -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061 u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0061 u:object_r:sysfs_wlc:s0 From d363b7d0b2f62b1cee1ac4846e691a161961f3b3 Mon Sep 17 00:00:00 2001 
From: Wilson Sung Date: Mon, 8 Jan 2024 17:10:32 +0800 Subject: [PATCH 16/25] Label wakeup nodes Bug: 318032188 Test: make sepolicy Change-Id: I2890c211714dfd07ea6ee08554bcfb0cfb12fe6e --- caiman/genfs_contexts | 6 ++++++ komodo/genfs_contexts | 6 ++++++ tokay/genfs_contexts | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/caiman/genfs_contexts b/caiman/genfs_contexts index 63170b7a..86cf8b7b 100644 --- a/caiman/genfs_contexts +++ b/caiman/genfs_contexts @@ -1,2 +1,8 @@ # WLC genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 + +#Wakeup node +genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/komodo/genfs_contexts b/komodo/genfs_contexts index 63170b7a..86cf8b7b 100644 --- a/komodo/genfs_contexts +++ b/komodo/genfs_contexts @@ -1,2 +1,8 @@ # WLC genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 + +#Wakeup node +genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/tokay/genfs_contexts b/tokay/genfs_contexts index 63170b7a..86cf8b7b 100644 
--- a/tokay/genfs_contexts +++ b/tokay/genfs_contexts @@ -1,2 +1,8 @@ # WLC genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b u:object_r:sysfs_wlc:s0 + +#Wakeup node +genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 From 88d9281973eefad410a5d00048252e96b90a21d1 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 12 Jan 2024 03:21:37 +0000 Subject: [PATCH 17/25] Move max77759tcpc label to zumapro Bug: 319737316 Test: make sepolicy Change-Id: I6f042244bf652d3c83e86911303d146b6bb4c2a2 --- caiman/genfs_contexts | 2 -- komodo/genfs_contexts | 2 -- tokay/genfs_contexts | 2 -- 3 files changed, 6 deletions(-) diff --git a/caiman/genfs_contexts b/caiman/genfs_contexts index 86cf8b7b..0d2222c4 100644 --- a/caiman/genfs_contexts +++ b/caiman/genfs_contexts @@ -4,5 +4,3 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/komodo/genfs_contexts b/komodo/genfs_contexts index 86cf8b7b..0d2222c4 100644 --- a/komodo/genfs_contexts +++ b/komodo/genfs_contexts 
@@ -4,5 +4,3 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/tokay/genfs_contexts b/tokay/genfs_contexts index 86cf8b7b..0d2222c4 100644 --- a/tokay/genfs_contexts +++ b/tokay/genfs_contexts @@ -4,5 +4,3 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 From afcfb468947a72be41ba1c44b36dfd77262a953d Mon Sep 17 00:00:00 2001 From: Wendly Li Date: Tue, 16 Jan 2024 09:25:01 +0000 Subject: [PATCH 18/25] Add wakeup sepolicy for spi20 Bug: 320395939 Test: make sepolicy Change-Id: I85b6ff0c47ed5936c47bdb4d751cec0833f0cd11 Signed-off-by: Wendly Li --- caiman/genfs_contexts | 1 + komodo/genfs_contexts | 1 + tokay/genfs_contexts | 1 + 3 files changed, 3 insertions(+) diff --git a/caiman/genfs_contexts b/caiman/genfs_contexts index 0d2222c4..736ed003 100644 --- a/caiman/genfs_contexts +++ b/caiman/genfs_contexts 
@@ -4,3 +4,4 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/komodo/genfs_contexts b/komodo/genfs_contexts index 0d2222c4..736ed003 100644 --- a/komodo/genfs_contexts +++ b/komodo/genfs_contexts @@ -4,3 +4,4 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/tokay/genfs_contexts b/tokay/genfs_contexts index 0d2222c4..736ed003 100644 --- a/tokay/genfs_contexts +++ b/tokay/genfs_contexts @@ -4,3 +4,4 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0 From 3dc01cbd483824ae43ed7385fa098f06c50fd87e Mon Sep 17 00:00:00 2001 
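Review bot: After this hunk the `qcom,qbt-handler` entry is the only wakeup node in caiman/genfs_contexts labelled through `power/wakeup` alone, because synaptics_tcm.0 now has both `power/wakeup` and `wakeup`. Whether the qbt-handler driver also exposes a `wakeup` directory directly under the device cannot be told from the patch, so check with `ls -Z` on a device. If it does, add `genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0` so the node does not fall back to the generic sysfs label. The komodo and tokay hunks are identical and would need the same line.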
From: Wayne Lin Date: Sat, 13 Jan 2024 00:35:50 +0800 Subject: [PATCH 19/25] gps: refine iGNSS build system - sepolicy Bug: 318310869 Bug: 315915958 Test: build pass and GPS function works Change-Id: I6329298f89a03a10dc9c8e1579baa4060d85c30c --- caiman/file_contexts | 11 ----------- caiman/gnss_check.te | 9 --------- caiman/gnssd.te | 23 ----------------------- caiman/hal_gnss_default.te | 3 --- caiman/rild.te | 1 - caiman/sctd.te | 3 --- caiman/spad.te | 3 --- caiman/swcnd.te | 3 --- komodo/file_contexts | 11 ----------- komodo/gnss_check.te | 9 --------- komodo/gnssd.te | 23 ----------------------- komodo/hal_gnss_default.te | 3 --- komodo/rild.te | 1 - komodo/sctd.te | 3 --- komodo/spad.te | 3 --- komodo/swcnd.te | 3 --- ripcurrent24/file_contexts | 11 ----------- ripcurrent24/gnss_check.te | 9 --------- ripcurrent24/gnssd.te | 23 ----------------------- ripcurrent24/hal_gnss_default.te | 3 --- ripcurrent24/rild.te | 1 - ripcurrent24/sctd.te | 3 --- ripcurrent24/spad.te | 3 --- ripcurrent24/swcnd.te | 3 --- tokay/file_contexts | 11 ----------- tokay/gnss_check.te | 9 --------- tokay/gnssd.te | 23 ----------------------- tokay/hal_gnss_default.te | 3 --- tokay/rild.te | 1 - tokay/sctd.te | 3 --- tokay/spad.te | 3 --- tokay/swcnd.te | 3 --- 32 files changed, 224 deletions(-) delete mode 100644 caiman/gnss_check.te delete mode 100644 caiman/gnssd.te delete mode 100644 caiman/hal_gnss_default.te delete mode 100644 caiman/rild.te delete mode 100644 caiman/sctd.te delete mode 100644 caiman/spad.te delete mode 100644 caiman/swcnd.te delete mode 100644 komodo/gnss_check.te delete mode 100644 komodo/gnssd.te delete mode 100644 komodo/hal_gnss_default.te delete mode 100644 komodo/rild.te delete mode 100644 komodo/sctd.te delete mode 100644 komodo/spad.te delete mode 100644 komodo/swcnd.te delete mode 100644 ripcurrent24/gnss_check.te delete mode 100644 ripcurrent24/gnssd.te delete mode 100644 ripcurrent24/hal_gnss_default.te delete mode 100644 ripcurrent24/rild.te delete 
mode 100644 ripcurrent24/sctd.te delete mode 100644 ripcurrent24/spad.te delete mode 100644 ripcurrent24/swcnd.te delete mode 100644 tokay/gnss_check.te delete mode 100644 tokay/gnssd.te delete mode 100644 tokay/hal_gnss_default.te delete mode 100644 tokay/rild.te delete mode 100644 tokay/sctd.te delete mode 100644 tokay/spad.te delete mode 100644 tokay/swcnd.te diff --git a/caiman/file_contexts b/caiman/file_contexts index 2cc3a039..cdb38af4 100644 --- a/caiman/file_contexts +++ b/caiman/file_contexts @@ -14,14 +14,3 @@ /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# GPS -/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 -/dev/gnss_boot u:object_r:vendor_gnss_device:s0 -/dev/gnss_dump u:object_r:vendor_gnss_device:s0 - -/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 -/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 -/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 -/vendor/bin/hw/spad u:object_r:spad_exec:s0 -/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 -/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/caiman/gnss_check.te b/caiman/gnss_check.te deleted file mode 100644 index 31d0944f..00000000 --- a/caiman/gnss_check.te +++ /dev/null @@ -1,9 +0,0 @@ -type gnss_check, domain; -type gnss_check_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(gnss_check); - -allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; - -set_prop(gnss_check, ctl_stop_prop); -set_prop(gnss_check, ctl_start_prop); diff --git a/caiman/gnssd.te b/caiman/gnssd.te deleted file mode 100644 index ea16762b..00000000 --- a/caiman/gnssd.te +++ /dev/null 
@@ -1,23 +0,0 @@ -type gnssd, domain; -type gnssd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gnssd); - -# Allow gnssd to access rild -binder_call(gnssd, rild); -# binder_call(gnssd, hwservicemanager) -allow gnssd hal_exynos_rild_hwservice:hwservice_manager find; -allow gnssd radio_device:chr_file rw_file_perms; - -# Allow gnssd to acess gnss device -allow gnssd vendor_gnss_device:chr_file rw_file_perms; -allow gnssd vendor_gps_file:dir create_dir_perms; -allow gnssd vendor_gps_file:file create_file_perms; -allow gnssd vendor_gps_file:fifo_file create_file_perms; - -get_prop(gnssd, bootanim_system_prop) - -# Allow gnssd to obtain wakelock -wakelock_use(gnssd) - -# Allow a base set of permissions required for network access. -net_domain(gnssd); diff --git a/caiman/hal_gnss_default.te b/caiman/hal_gnss_default.te deleted file mode 100644 index bf1a5645..00000000 --- a/caiman/hal_gnss_default.te +++ /dev/null @@ -1,3 +0,0 @@ -binder_call(hal_gnss_default, gnssd); - -allow hal_gnss_default gnssd:unix_stream_socket connectto; diff --git a/caiman/rild.te b/caiman/rild.te deleted file mode 100644 index c620a19b..00000000 --- a/caiman/rild.te +++ /dev/null @@ -1 +0,0 @@ -binder_call(rild, gnssd) diff --git a/caiman/sctd.te b/caiman/sctd.te deleted file mode 100644 index 8966ef8a..00000000 --- a/caiman/sctd.te +++ /dev/null @@ -1,3 +0,0 @@ -type sctd, domain; -type sctd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(sctd); diff --git a/caiman/spad.te b/caiman/spad.te deleted file mode 100644 index eaf8b1c8..00000000 --- a/caiman/spad.te +++ /dev/null @@ -1,3 +0,0 @@ -type spad, domain; -type spad_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(spad); diff --git a/caiman/swcnd.te b/caiman/swcnd.te deleted file mode 100644 index c366cad8..00000000 --- a/caiman/swcnd.te +++ /dev/null @@ -1,3 +0,0 @@ -type swcnd, domain; -type swcnd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(swcnd); 
diff --git a/komodo/file_contexts b/komodo/file_contexts index 2cc3a039..cdb38af4 100644 --- a/komodo/file_contexts +++ b/komodo/file_contexts @@ -14,14 +14,3 @@ /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# GPS -/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 -/dev/gnss_boot u:object_r:vendor_gnss_device:s0 -/dev/gnss_dump u:object_r:vendor_gnss_device:s0 - -/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 -/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 -/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 -/vendor/bin/hw/spad u:object_r:spad_exec:s0 -/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 -/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/komodo/gnss_check.te b/komodo/gnss_check.te deleted file mode 100644 index 31d0944f..00000000 --- a/komodo/gnss_check.te +++ /dev/null @@ -1,9 +0,0 @@ -type gnss_check, domain; -type gnss_check_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(gnss_check); - -allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; - -set_prop(gnss_check, ctl_stop_prop); -set_prop(gnss_check, ctl_start_prop); diff --git a/komodo/gnssd.te b/komodo/gnssd.te deleted file mode 100644 index ea16762b..00000000 --- a/komodo/gnssd.te +++ /dev/null 
@@ -1,23 +0,0 @@ -type gnssd, domain; -type gnssd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gnssd); - -# Allow gnssd to access rild -binder_call(gnssd, rild); -# binder_call(gnssd, hwservicemanager) -allow gnssd hal_exynos_rild_hwservice:hwservice_manager find; -allow gnssd radio_device:chr_file rw_file_perms; - -# Allow gnssd to acess gnss device -allow gnssd vendor_gnss_device:chr_file rw_file_perms; -allow gnssd vendor_gps_file:dir create_dir_perms; -allow gnssd vendor_gps_file:file create_file_perms; -allow gnssd vendor_gps_file:fifo_file create_file_perms; - -get_prop(gnssd, bootanim_system_prop) - -# Allow gnssd to obtain wakelock -wakelock_use(gnssd) - -# Allow a base set of permissions required for network access. -net_domain(gnssd); diff --git a/komodo/hal_gnss_default.te b/komodo/hal_gnss_default.te deleted file mode 100644 index bf1a5645..00000000 --- a/komodo/hal_gnss_default.te +++ /dev/null @@ -1,3 +0,0 @@ -binder_call(hal_gnss_default, gnssd); - -allow hal_gnss_default gnssd:unix_stream_socket connectto; diff --git a/komodo/rild.te b/komodo/rild.te deleted file mode 100644 index c620a19b..00000000 --- a/komodo/rild.te +++ /dev/null @@ -1 +0,0 @@ -binder_call(rild, gnssd) diff --git a/komodo/sctd.te b/komodo/sctd.te deleted file mode 100644 index 8966ef8a..00000000 --- a/komodo/sctd.te +++ /dev/null @@ -1,3 +0,0 @@ -type sctd, domain; -type sctd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(sctd); diff --git a/komodo/spad.te b/komodo/spad.te deleted file mode 100644 index eaf8b1c8..00000000 --- a/komodo/spad.te +++ /dev/null @@ -1,3 +0,0 @@ -type spad, domain; -type spad_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(spad); diff --git a/komodo/swcnd.te b/komodo/swcnd.te deleted file mode 100644 index c366cad8..00000000 --- a/komodo/swcnd.te +++ /dev/null @@ -1,3 +0,0 @@ -type swcnd, domain; -type swcnd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(swcnd); 
diff --git a/ripcurrent24/file_contexts b/ripcurrent24/file_contexts index 9fd7a3b5..1143d5fd 100644 --- a/ripcurrent24/file_contexts +++ b/ripcurrent24/file_contexts @@ -42,14 +42,3 @@ /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# GPS -/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 -/dev/gnss_boot u:object_r:vendor_gnss_device:s0 -/dev/gnss_dump u:object_r:vendor_gnss_device:s0 - -/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 -/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 -/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 -/vendor/bin/hw/spad u:object_r:spad_exec:s0 -/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 -/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/ripcurrent24/gnss_check.te b/ripcurrent24/gnss_check.te deleted file mode 100644 index 31d0944f..00000000 --- a/ripcurrent24/gnss_check.te +++ /dev/null @@ -1,9 +0,0 @@ -type gnss_check, domain; -type gnss_check_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(gnss_check); - -allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; - -set_prop(gnss_check, ctl_stop_prop); -set_prop(gnss_check, ctl_start_prop); diff --git a/ripcurrent24/gnssd.te b/ripcurrent24/gnssd.te deleted file mode 100644 index ea16762b..00000000 --- a/ripcurrent24/gnssd.te +++ /dev/null 
@@ -1,23 +0,0 @@ -type gnssd, domain; -type gnssd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gnssd); - -# Allow gnssd to access rild -binder_call(gnssd, rild); -# binder_call(gnssd, hwservicemanager) -allow gnssd hal_exynos_rild_hwservice:hwservice_manager find; -allow gnssd radio_device:chr_file rw_file_perms; - -# Allow gnssd to acess gnss device -allow gnssd vendor_gnss_device:chr_file rw_file_perms; -allow gnssd vendor_gps_file:dir create_dir_perms; -allow gnssd vendor_gps_file:file create_file_perms; -allow gnssd vendor_gps_file:fifo_file create_file_perms; - -get_prop(gnssd, bootanim_system_prop) - -# Allow gnssd to obtain wakelock -wakelock_use(gnssd) - -# Allow a base set of permissions required for network access. -net_domain(gnssd); diff --git a/ripcurrent24/hal_gnss_default.te b/ripcurrent24/hal_gnss_default.te deleted file mode 100644 index bf1a5645..00000000 --- a/ripcurrent24/hal_gnss_default.te +++ /dev/null @@ -1,3 +0,0 @@ -binder_call(hal_gnss_default, gnssd); - -allow hal_gnss_default gnssd:unix_stream_socket connectto; diff --git a/ripcurrent24/rild.te b/ripcurrent24/rild.te deleted file mode 100644 index c620a19b..00000000 --- a/ripcurrent24/rild.te +++ /dev/null @@ -1 +0,0 @@ -binder_call(rild, gnssd) diff --git a/ripcurrent24/sctd.te b/ripcurrent24/sctd.te deleted file mode 100644 index 8966ef8a..00000000 --- a/ripcurrent24/sctd.te +++ /dev/null @@ -1,3 +0,0 @@ -type sctd, domain; -type sctd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(sctd); diff --git a/ripcurrent24/spad.te b/ripcurrent24/spad.te deleted file mode 100644 index eaf8b1c8..00000000 --- a/ripcurrent24/spad.te +++ /dev/null @@ -1,3 +0,0 @@ -type spad, domain; -type spad_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(spad); diff --git a/ripcurrent24/swcnd.te b/ripcurrent24/swcnd.te deleted file mode 100644 index c366cad8..00000000 --- a/ripcurrent24/swcnd.te +++ /dev/null 
@@ -1,3 +0,0 @@ -type swcnd, domain; -type swcnd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(swcnd); diff --git a/tokay/file_contexts b/tokay/file_contexts index 9c7fe8a5..025e3799 100644 --- a/tokay/file_contexts +++ b/tokay/file_contexts @@ -10,14 +10,3 @@ /dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 -# GPS -/dev/gnss_ipc u:object_r:vendor_gnss_device:s0 -/dev/gnss_boot u:object_r:vendor_gnss_device:s0 -/dev/gnss_dump u:object_r:vendor_gnss_device:s0 - -/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0 -/vendor/bin/hw/sctd u:object_r:sctd_exec:s0 -/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0 -/vendor/bin/hw/spad u:object_r:spad_exec:s0 -/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0 -/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0 diff --git a/tokay/gnss_check.te b/tokay/gnss_check.te deleted file mode 100644 index 31d0944f..00000000 --- a/tokay/gnss_check.te +++ /dev/null @@ -1,9 +0,0 @@ -type gnss_check, domain; -type gnss_check_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(gnss_check); - -allow gnss_check vendor_toolbox_exec:file { execute_no_trans }; - -set_prop(gnss_check, ctl_stop_prop); -set_prop(gnss_check, ctl_start_prop); diff --git a/tokay/gnssd.te b/tokay/gnssd.te deleted file mode 100644 index ea16762b..00000000 --- a/tokay/gnssd.te +++ /dev/null 
@@ -1,23 +0,0 @@ -type gnssd, domain; -type gnssd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gnssd); - -# Allow gnssd to access rild -binder_call(gnssd, rild); -# binder_call(gnssd, hwservicemanager) -allow gnssd hal_exynos_rild_hwservice:hwservice_manager find; -allow gnssd radio_device:chr_file rw_file_perms; - -# Allow gnssd to acess gnss device -allow gnssd vendor_gnss_device:chr_file rw_file_perms; -allow gnssd vendor_gps_file:dir create_dir_perms; -allow gnssd vendor_gps_file:file create_file_perms; -allow gnssd vendor_gps_file:fifo_file create_file_perms; - -get_prop(gnssd, bootanim_system_prop) - -# Allow gnssd to obtain wakelock -wakelock_use(gnssd) - -# Allow a base set of permissions required for network access. -net_domain(gnssd); diff --git a/tokay/hal_gnss_default.te b/tokay/hal_gnss_default.te deleted file mode 100644 index bf1a5645..00000000 --- a/tokay/hal_gnss_default.te +++ /dev/null @@ -1,3 +0,0 @@ -binder_call(hal_gnss_default, gnssd); - -allow hal_gnss_default gnssd:unix_stream_socket connectto; diff --git a/tokay/rild.te b/tokay/rild.te deleted file mode 100644 index c620a19b..00000000 --- a/tokay/rild.te +++ /dev/null @@ -1 +0,0 @@ -binder_call(rild, gnssd) diff --git a/tokay/sctd.te b/tokay/sctd.te deleted file mode 100644 index 8966ef8a..00000000 --- a/tokay/sctd.te +++ /dev/null @@ -1,3 +0,0 @@ -type sctd, domain; -type sctd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(sctd); diff --git a/tokay/spad.te b/tokay/spad.te deleted file mode 100644 index eaf8b1c8..00000000 --- a/tokay/spad.te +++ /dev/null @@ -1,3 +0,0 @@ -type spad, domain; -type spad_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(spad); diff --git a/tokay/swcnd.te b/tokay/swcnd.te deleted file mode 100644 index c366cad8..00000000 --- a/tokay/swcnd.te +++ /dev/null @@ -1,3 +0,0 @@ -type swcnd, domain; -type swcnd_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(swcnd); 
From a397ced2961a953ade18d4ec1fcc8530b78dd24e Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Thu, 22 Feb 2024 22:02:43 +0800 Subject: [PATCH 20/25] cs40l26: Update I2C paths Bug: 326085750 Test: No AVC denials. Change-Id: I63fd11451a703a0de2930c7a9fa5dfd445ea5e35 --- ripcurrentpro/genfs_contexts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ripcurrentpro/genfs_contexts b/ripcurrentpro/genfs_contexts index 76c805da..763c61e8 100644 --- a/ripcurrentpro/genfs_contexts +++ b/ripcurrentpro/genfs_contexts @@ -1,5 +1,6 @@ # Haptics -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0042 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0043 u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0042 u:object_r:sysfs_vibrator:s0 # WLC genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b u:object_r:sysfs_wlc:s0 From 8e3b05f670597a92579823bbeedf2867bc99fc5a Mon Sep 17 00:00:00 2001 From: Helen Date: Thu, 22 Feb 2024 17:56:03 +0000 Subject: [PATCH 21/25] Allow imssvc property access for the audio path in PDK build Bug: 319336100 Test: build and test using the PDK build in live network Change-Id: Ice79bf50c6e453c7f7d51fce30755fa09cedf038 --- caiman/vendor_init.te | 5 +++++ komodo/vendor_init.te | 4 ++++ ripcurrent24/vendor_init.te | 4 ++++ ripcurrentpro/vendor_init.te | 4 ++++ tokay/vendor_init.te | 4 ++++ 5 files changed, 21 insertions(+) create mode 100644 komodo/vendor_init.te create mode 100644 ripcurrent24/vendor_init.te create mode 100644 ripcurrentpro/vendor_init.te create mode 100644 tokay/vendor_init.te diff --git a/caiman/vendor_init.te b/caiman/vendor_init.te index 3f4df0ef..f9105c1c 100644 --- a/caiman/vendor_init.te +++ b/caiman/vendor_init.te @@ -1,2 +1,7 @@ # Display set_prop(vendor_init, vendor_display_prop) + +# Vendor Ims Service property - Set the audio path for PDK build +userdebug_or_eng(` + set_prop(vendor_init, vendor_imssvc_prop) +') 
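Review bot: The comment on the rule added to caiman/vendor_init.te says the access is for the PDK build, but the guard is `userdebug_or_eng`, so every userdebug and eng build lets vendor_init set `vendor_imssvc_prop`, not only PDK ones. The comment should state the real scope, e.g. `# Vendor IMS service property: vendor_init may set the audio path on userdebug/eng builds only (needed by the PDK build)`. The same four lines are added verbatim as new files under komodo, ripcurrent24, ripcurrentpro and tokay. If these devices share a common sepolicy directory (not visible in this patch), a single copy there would keep the five from drifting apart. Keeping the rule out of user builds is the right default, and the guard should stay wherever the rule ends up.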
diff --git a/komodo/vendor_init.te b/komodo/vendor_init.te
new file mode 100644
index 00000000..00bc124b
--- /dev/null
+++ b/komodo/vendor_init.te
@@ -0,0 +1,4 @@
+# Vendor Ims Service property - Set the audio path for PDK build
+userdebug_or_eng(`
+ set_prop(vendor_init, vendor_imssvc_prop)
+')
diff --git a/ripcurrent24/vendor_init.te b/ripcurrent24/vendor_init.te
new file mode 100644
index 00000000..00bc124b
--- /dev/null
+++ b/ripcurrent24/vendor_init.te
@@ -0,0 +1,4 @@
+# Vendor Ims Service property - Set the audio path for PDK build
+userdebug_or_eng(`
+ set_prop(vendor_init, vendor_imssvc_prop)
+')
diff --git a/ripcurrentpro/vendor_init.te b/ripcurrentpro/vendor_init.te
new file mode 100644
index 00000000..00bc124b
--- /dev/null
+++ b/ripcurrentpro/vendor_init.te
@@ -0,0 +1,4 @@
+# Vendor Ims Service property - Set the audio path for PDK build
+userdebug_or_eng(`
+ set_prop(vendor_init, vendor_imssvc_prop)
+')
diff --git a/tokay/vendor_init.te b/tokay/vendor_init.te
new file mode 100644
index 00000000..00bc124b
--- /dev/null
+++ b/tokay/vendor_init.te
@@ -0,0 +1,4 @@
+# Vendor Ims Service property - Set the audio path for PDK build
+userdebug_or_eng(`
+ set_prop(vendor_init, vendor_imssvc_prop)
+')
From af064374554a86cb6a53ba2f924e00d9f9fe240e Mon Sep 17 00:00:00 2001
From: Alan Chen Date: Fri, 23 Feb 2024 12:40:47 +0800 Subject: [PATCH 22/25] Allow gril to access radioext-aidl Selinux logs fixed: auditd : avc: denied { find } for pid=2251 uid=10246 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c246,c256,c512,c768 tcontext=u:object_r:hal_radio_ext_service:s0 tclass=service_manager permissive=0 auditd : type=1400 audit(0.0:24): avc: denied { call } for comm="oid.grilservice" scontext=u:r:grilservice_app:s0:c246,c256,c512,c768 tcontext=u:r:hal_radio_ext:s0 tclass=binder permissive=0 app=com.google.android.grilservice Bug: 322125172 Test: the two selinux logs do not appear and no errors when gril calls radioext-aidl Change-Id: Iec490afe4fbfd276ecda592fa20ac871f086c5f0
---
 caiman/grilservice_app.te | 2 ++ komodo/grilservice_app.te | 2 ++ tokay/grilservice_app.te | 2 ++ 3 files changed, 6 insertions(+) create mode 100644 caiman/grilservice_app.te create mode 100644 komodo/grilservice_app.te create mode 100644 tokay/grilservice_app.te
diff --git a/caiman/grilservice_app.te b/caiman/grilservice_app.te
new file mode 100644
index 00000000..9bd8c8e7
--- /dev/null
+++ b/caiman/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
diff --git a/komodo/grilservice_app.te b/komodo/grilservice_app.te
new file mode 100644
index 00000000..9bd8c8e7
--- /dev/null
+++ b/komodo/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
diff --git a/tokay/grilservice_app.te b/tokay/grilservice_app.te
new file mode 100644
index 00000000..9bd8c8e7
--- /dev/null
+++ b/tokay/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
From 9dcb8c3946437b9b7ef2d595dbcdd29094d2bd0d Mon Sep 17 00:00:00 2001
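Review bot: The new caiman/grilservice_app.te carries no comment saying why an app domain is given access to the radio-ext HAL. The next reader has only the commit message to go on, so add one above the two rules, e.g. `# grilservice_app is a client of the radioext AIDL HAL (vendor.google.radio_ext.IRadioExt)`. The two rules line up with the two denials quoted in the commit message (find on hal_radio_ext_service, call on hal_radio_ext). Note that `binder_call` also grants binder transfer in both directions and fd use, which is the usual client grant but wider than the single `call` that was logged. The komodo and tokay files added in this patch are identical and need the same comment.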
From: Boon Jun Soh Date: Wed, 20 Mar 2024 04:03:37 +0000 Subject: [PATCH 23/25] Give tokay wingboard access to tarasque sensor Bug: 321646720 Test: Check for avc denied errors Change-Id: I066c06e0f86947589cba626f1ee2db0a9a8c98da
---
 tokay/file_contexts | 1 + 1 file changed, 1 insertion(+)
diff --git a/tokay/file_contexts b/tokay/file_contexts
index 025e3799..e49723d6 100644
--- a/tokay/file_contexts
+++ b/tokay/file_contexts
@@ -10,3 +10,4 @@
 /dev/lwis-sensor-boitata u:object_r:lwis_device:s0
 /dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0
 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0
+/dev/lwis-tof-tarasque u:object_r:lwis_device:s0
From e5cea68be90a564e30d9a7e96bdf19d42f9bf10f Mon Sep 17 00:00:00 2001
From: Frank Yu Date: Mon, 18 Mar 2024 02:16:00 +0000 Subject: [PATCH 24/25] Update P24 SEpolicy for grilserice_app register callbacks of AntennaTuningService. Test: Locally tested. grilservice_app successfully register callbacks of AntennaTuningService without SEpolicy error. Bug: 321790599 Change-Id: I553a3e6f23602cc6cd77e9a7d3ce414069083f7c
---
 caiman/grilservice_app.te | 5 +++++ komodo/grilservice_app.te | 5 +++++ tokay/grilservice_app.te | 5 +++++ 3 files changed, 15 insertions(+)
diff --git a/caiman/grilservice_app.te b/caiman/grilservice_app.te
index 9bd8c8e7..3c9a3785 100644
--- a/caiman/grilservice_app.te
+++ b/caiman/grilservice_app.te
@@ -1,2 +1,7 @@
 allow grilservice_app hal_radio_ext_service:service_manager find;
 binder_call(grilservice_app, hal_radio_ext)
+
+binder_use(grilservice_app)
+allow grilservice_app gril_antenna_tuning_service:service_manager find;
+binder_call(grilservice_app, gril_antenna_tuning_service)
+binder_call(grilservice_app, twoshay)
diff --git a/komodo/grilservice_app.te b/komodo/grilservice_app.te
index 9bd8c8e7..3c9a3785 100644
--- a/komodo/grilservice_app.te
+++ b/komodo/grilservice_app.te
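Review bot: In caiman/grilservice_app.te, `binder_call(grilservice_app, gril_antenna_tuning_service)` names as the binder server a type that the line just above uses as a service_manager object (`allow grilservice_app gril_antenna_tuning_service:service_manager find;`). `binder_call` expects a process domain as its second argument. If gril_antenna_tuning_service is only a service type (its declaration is not part of this patch), the macro expands to binder and fd rules against a type no process runs as, which grants nothing useful and hides which domain really serves the calls. The following line, `binder_call(grilservice_app, twoshay)`, looks like the actual server grant, so the gril_antenna_tuning_service call can probably be dropped once the declaration is checked. The same lines are added to komodo/grilservice_app.te and tokay/grilservice_app.te.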
@@ -1,2 +1,7 @@ allow grilservice_app hal_radio_ext_service:service_manager find; binder_call(grilservice_app, hal_radio_ext) + +binder_use(grilservice_app) +allow grilservice_app gril_antenna_tuning_service:service_manager find; +binder_call(grilservice_app, gril_antenna_tuning_service) +binder_call(grilservice_app, twoshay) diff --git a/tokay/grilservice_app.te b/tokay/grilservice_app.te index 9bd8c8e7..3c9a3785 100644 --- a/tokay/grilservice_app.te +++ b/tokay/grilservice_app.te @@ -1,2 +1,7 @@ allow grilservice_app hal_radio_ext_service:service_manager find; binder_call(grilservice_app, hal_radio_ext) + +binder_use(grilservice_app) +allow grilservice_app gril_antenna_tuning_service:service_manager find; +binder_call(grilservice_app, gril_antenna_tuning_service) +binder_call(grilservice_app, twoshay) From 4d5205eba10fef02eedd4d6f619a2dc33e9803ea Mon Sep 17 00:00:00 2001 From: Zheng Pan Date: Wed, 12 Jun 2024 12:15:15 -0700 Subject: [PATCH 25/25] Add DP wakeup file permission Bug: 346660264 Test: on KM4, no SElinux denial Change-Id: Ia660319d3dbebfdcd59630754a09ba6c9bced27e --- caiman/genfs_contexts | 1 + komodo/genfs_contexts | 1 + tokay/genfs_contexts | 1 + 3 files changed, 3 insertions(+) diff --git a/caiman/genfs_contexts b/caiman/genfs_contexts index 736ed003..5037ba8c 100644 --- a/caiman/genfs_contexts +++ b/caiman/genfs_contexts @@ -3,5 +3,6 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/komodo/genfs_contexts b/komodo/genfs_contexts index 736ed003..5037ba8c 100644 --- a/komodo/genfs_contexts 
+++ b/komodo/genfs_contexts @@ -3,5 +3,6 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/tokay/genfs_contexts b/tokay/genfs_contexts index 736ed003..5037ba8c 100644 --- a/tokay/genfs_contexts +++ b/tokay/genfs_contexts @@ -3,5 +3,6 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b #Wakeup node genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/111d0000.spi/spi_master/spi20/spi20.0/synaptics_tcm.0/wakeup u:object_r:sysfs_wakeup:s0